Overview
You can use this document to learn about the data displayed in the Insights page.
At a high level, the Insights page displays pattern-based anomalies, which comes from the configurations of your monitors, processors, and Kubernetes environment.
Understand Data Types
Data Type | Description |
Processor Signals |
A signal is a processor-based anomaly. In other words, signals are based on a processor's configurations. Specifically, when a processor has an anomaly score that is higher than the configured threshold, a signal will be created and displayed on this page. Signals are the most common type of anomaly. To learn more, see Processors Overview. |
Monitor Findings |
A finding is a monitor-based anomaly. In other words, findings are based on a monitor's configuration.
There are 3 default monitors with every account:
To learn more about monitors, see Monitors.
|
Kubernetes Events |
|
Filter Data
Review the following filter options that you can use to update the timeline / bar graph.
Note
These filter options will not update the Signals, Findings, or Events table.
Filter Option | Description |
Group By |
This option allows you to filter data based on data sources. The listed data sources are based on the selected tag and source type.
|
Previous Period (Offset) |
This option will display an icon (a triangle) in the graph to indicate if detection for the signal, finding, or event increased or decreased in the previous lookback period. |
Last Week (Offset) |
This option will display an icon (an inverted triangle) in the graph to indicate if detection for the signal, finding, or event increased or decreased in the previous week. |
Yesterday (Offset) |
This option will display an icon (a square) in the graph to indicate if detection for the signal, finding, or event increased or decreased in the previous day. |
Understand the Timeline Graph and Bar Graph
To view detailed information about a specific signal, finding, or event, hover over a specific graph entry to view a pop-up window.
To better understand the data in the Timeline graph and in the Bar graph, review the following table:
Timeline Graph | Bar Graph | |
Processor Signals |
|
|
Monitor Findings |
|
|
Kubernetes Events
|
|
|
Understand the Processor Signals Table
To better understand the data in the Processor Signals table, review the following table:
Column | Description |
Timestamp | This column displays the date and time that the signal was detected. |
EDAC |
This column displays an internal identification, which is also known as a capture ID. edac means Edge Delta Anomaly Context. |
Metric |
This column displays the metric whose configuration triggered a signal. A metric is configured via a processor.
|
Host | This column displays the host name where the agent is deployed. |
Tag | This column displays the tag associated with the agent configuration whose configuration triggered the signal. |
Source |
This column displays the source file, directory, or container of the signal. |
Actions |
When you click on Actions, you will be redirected to the Investigation page to view detailed information for the selected signal. This page also displays contextual logs and log patterns. |
Understand the Monitor Findings Table
To better understand the data in the Monitor Findings table, review the following table:
Column | Description |
Timestamp | This column displays the date and time that the finding was detected. |
Finding ID | This column displays an internal identification. |
Cause | This column displays the monitor or custom metric that triggered the finding. |
Tag | This column displays the tag associated with the agent configuration that triggered the finding. |
Source | This column displays the source file, directory, or container of the finding. |
Actions |
When you click on Actions, you will be redirected to the Patterns page.
|
Understand the Kubernetes Events Table
To better understand the data in the Kubernetes Events table, review the following table:
Column | Description |
Timestamp | This column displays the date and time that the event was detected. |
Event ID | This column displays an internal identification. |
Description | This column displays a description of the event. |
Agent Tag | This column displays the tag associated with the agent configuration that triggered the finding. |
Source | This column displays the source file, directory, or container of the finding. |
Actions |
Disable Notifications for a Specific Finding
You can use these instructions to learn how to disable (suppress) notifications for a specific finding.
Specifically, you can use the Finding Status setting to:
- Disable notifications for a specific finding
- No longer display entries of future detections on the Insights page
By default, in the Edge Delta App, the button to suppress notifications is hidden. As a result, you must enter a URL with the specified finding_ID to view the setting in the app.
Step 1: Locate a Finding ID
-
In the Edge Delta App, on the left-side navigation, click Observability, and then click Insights.
-
Navigate to the Signals, Findings, and Events table, and then click Findings to filter the table.
-
Locate the desired finding, and then copy the Finding ID.
- Additionally, note the Timestamp information.
Step 2: Display and Update the Finding Status Option
-
In a separate browser window or tab, copy and paste the following URL:
- https://app.edgedelta.com/patterns?pattern_offset=168&pattern_merge_level=Medium&pattern_finding_id=FINDINGID&fb=true&lookback=168h
-
In the above URL, you must replace FINDINGID with the finding_ID you copied earlier.
-
When you hit Enter, you will be redirected to the Patterns page in the app, with the specified filters already applied, including the finding_id.
-
If you receive an error message about an invalid finding _id, then to troubleshoot:
-
Click Filters, then expand the date range, and then click Apply Filters.
-
If the specified date range does not include when the finding _id was detected, then the finding _id may be considered invalid.
-
-
-
In the top menu with filtering options, locate Finding Status.
-
To suppress notifications for the specific findings, ensure that the Finding Status is Inactive.
Note
When you navigate away from the Patterns page, the Finding Status setting will disappear. As a result, to update the Finding Status setting, you must enter the same URL with the same finding_ID. In short, you must repeat the steps in these instructions.